The listing of claims will replace all prior versions and listings of claims in the
application:
Listing of Claims

1. (Currently Amended) A method of controlling updates of a programmable
memory of a device, the method comprising: 

obtaining an update image corresponding to the update of the programmable memory;

obtaining a certificate associated with the update image, the certificate having update 
application rules in at least one extension of the certificate; 

extracting the update application rules from the at least one extension of the obtained 
certificate;

selectively updating the programmable memory based on the update image and the 
update application rules extracted from the obtained certificate; 

wherein the update application rules comprise rules which identify installation 
information provided with the update image and wherein the step of updating the 
programmable memory comprises updating the programmable memory utilizing the 
installation information provided with the update image; and

wherein the installation information comprises an install program and wherein the
step of updating the programmable memory utilizing the installation information comprises
executing the install program to write the update data to the programmable memory.

2. (Original) A method according to Claim 1, wherein the update application
rules comprise at least one of rules information associated with a manufacturer of the device, 
rules information associated with a brand of the device, rules information associated with a 
software version of the device, rules information associated with a license authorization of
the device or rules associated with the individual device. 

3. (Original) A method according to Claim 1, wherein the update application
rules comprise rules defining devices for which application of the update image is authorized.

4. (Original) A method according to Claim 3, wherein the rules defining 
devices comprise rules specifying at least one of authorized device serial numbers, authorized
firmware versions, authorized device manufacturers and authorized users associated with a
device. 

5. (Original) A method according to Claim 1, wherein the update application 
rules comprise rules defining how data from the update image is utilized to update the 
programmable memory. 

6-7. Cancelled. 

8. (Original) A method according to Claim 1, further comprising verifying
the authenticity of the update image. 

9. (Original) A method according to Claim 8, wherein the step of verifying 
the authenticity of the update comprises the step of evaluating the certificate associated with 
the update image to determine if a valid digital signature is provided with the image. 

10. (Original) A method according to Claim 8, wherein the step of verifying 
the authenticity of the update image comprises the step of determining if a valid digital
signature is provided with the image by decrypting the digital signature provided with the 
image using a shared secret. 

11. (Original) A method according to Claim 9, wherein the step of evaluating
the certificate comprises the steps of: 

decrypting a digital signature of the certificate utilizing a public key of a certificate 
authority accessible to the update program; and 

comparing the decrypted digital signature with a precomputed value to determine if 
the digital signature is a valid digital signature associated with the certificate authority. 

12. (Original) A method according to Claim 11, wherein the public key is
stored in a non-updateable memory.

13. (Original) A method according to Claim 11, further comprising the steps
of:

providing the public key of the certificate authority in a previous version of data to be 
stored in the programmable memory; and 

wherein the step of decrypting a digital signature of the certificate utilizing a public 
key further comprises the step of obtaining the public key from the programmable memory. 

14. (Original) A method according to Claim 8, wherein the update image 
includes a plurality of certificates in a hierarchy of certificates and wherein the step of
verifying the authenticity of the update comprises the step of evaluating certificates of the 
plurality of certificates in the update image to determine if a valid digital signature is 
provided with the certificates of the update image. 

15. (Original) A method according to Claim 14, wherein the step of 
evaluating each of the digital certificates comprises the steps of: 

decrypting a digital signature of a certificate utilizing a public key associated with a 
next-higher certificate in the hierarchy; 

comparing the decrypted digital signature with a precomputed value to determine if
the digital signature is a valid digital signature associated with the certificate; 

obtaining a public key associated with another of the digital certificates; 

repeating the steps of decrypting and comparing utilizing the obtained public key
associated with another of the digital certificates; and 

wherein the step of obtaining a public key is repeated until a public key associated 
with a digital certificate of a trusted certificate authority is obtained, and comparing the of the
trusted certificate authority public key with a predetermined value.

16. (Original) A method according to Claim 1, wherein the update image
includes a plurality of certificates in a hierarchy of certificates and wherein the extracting the
update application rules comprises the step of extracting update application rules from each 
of the certificates in the hierarchy of certificates having update application rules provided in 
an extension of the certification.

17. (Original) A method according to Claim 16, wherein the programmable
memory is updated with the update image only if all of the update application rules indicate
that the update image is applicable to the device.

18. (Original) A method according to Claim 16, wherein the programmable
memory is updated with the update image if any of the update application rules indicate that
the update image is applicable to the device.

19. (Original) A method according to Claim 1, wherein the programmable
memory is updated with the update image if any of the update application rules indicate that
the update image is applicable to the device.

20. (Original) A method according to Claim 1, wherein the programmable 
memory is updated with the update image only if all of the update application rules indicate 
that the update image is applicable to the device.

21. (Currently Amended) A system for controlling updates of a programmable
memory of a device, comprising: 

means for obtaining an update image corresponding to the update of the 
programmable memory; 

means for obtaining a certificate associated with the update image, the certificate 
having update application rules in at least one extension of the certificate; 

means for extracting the update application rules from the at least one extension of the
obtained certificate;

means for selectively updating the programmable memory based on the update image
and the update application rules extracted from the obtained certificate; 

wherein the update application rules comprise rules which identify installation
information provided with the update image and wherein the means for updating the
programmable memory comprises means for updating the programmable memory utilizing
the installation information provided with the update image; and

wherein the installation information comprises an install program and wherein means
for updating the programmable memory utilizing the installation information comprises
means for executing the install program to write the update data to the programmable
memory.

22. (Original) A system according to Claim 21, wherein the update 
application rules comprise at least one of rules information associated with a manufacturer of
the device, rules information associated with a brand of the device, rules information
associated with a software version of the device, rules information associated with a license
authorization of the device or rules associated with the individual device. 

23. (Original) A system according to Claim 21, wherein the update 
application rules comprise rules defining devices for which application of the update image is 
authorized. 



24. (Original) A system according to Claim 23, wherein the rules defining 
devices comprise rules specifying at least one of authorized device serial numbers, authorized
firmware versions, authorized device manufacturers and authorized users associated with a
device. 

25. (Original) A system according to Claim 21, wherein the update
application rules comprise rules defining how data from the update image is utilized to update
the programmable memory. 

26-27. Cancelled. 

28. (Original) A system according to Claim 21, further comprising means for
verifying the authenticity of the update image. 

29. (Original) A system according to Claim 28, wherein the means for
verifying the authenticity of the update comprises means for evaluating the certificate
associated with the update image to determine if a valid digital signature is provided with the
image. 

30. (Original) A system according to Claim 28, wherein the means for 
verifying the authenticity of the update image comprises means for determining if a valid
digital signature is provided with the image by decrypting the digital signature provided with 
the image using a shared secret. 

31. (Original) A system according to Claim 29, wherein the means for
evaluating the certificate comprises: 

means for decrypting a digital signature of the certificate utilizing a public key of a 
certificate authority accessible to the update program; and 

means for comparing the decrypted digital signature with a precomputed value to 
determine if the digital signature is a valid digital signature associated with the certificate 
authority. 

32. (Original) A system according to Claim 31, wherein the public key is
stored in a non-updateable memory.

33. (Original) A system according to Claim 31, further comprising:

means for providing the public key of the certificate authority in a previous version of 
data to be stored in the programmable memory; and 

wherein the means for decrypting a digital signature of the certificate utilizing a 
public key further comprises means for obtaining the public key from the programmable
memory. 

34. (Original) A system according to Claim 28, wherein the update image 
includes a plurality of certificates in a hierarchy of certificates and wherein the means for 
verifying the authenticity of the update comprises means for evaluating certificates of the 
plurality of certificates in the update image to determine if a valid digital signature is
provided with evaluated certificates of the update image.

35. (Original) A system according to Claim 34, wherein the means for
evaluating each of the digital certificates comprises:

means for decrypting a digital signature of a certificate utilizing a public key 
associated with a next-higher certificate in hierarchy;

means for comparing the decrypted digital signature with a precomputed value to 
determine if the digital signature is a valid digital signature associated with the certificate; 

means for obtaining a public key associated with another of the digital certificates; 

means for repeatedly obtaining a public key, decrypting a digital signature and
comparing the decrypted digital signature with a precomputed value until a public key 
associated with a digital certificate of a trusted certificate authority is obtained; and 

means for comparing the public key of the digital certificate of the trusted certificate
authority with a predetermined value. 

36. (Original) A system according to Claim 21, wherein the update image
includes a plurality of certificates in a hierarchy of certificates and wherein the means for
extracting the update application rules comprises means for extracting update application
rules from each of the certificates in the hierarchy of certificates having update application 
rules provided in an extension of the certification. 

37. (Original) A system according to Claim 36, wherein the programmable
memory is updated with the update image only if all of the update application rules indicate 
that the update image is applicable to the device. 

38. (Original) A system according to Claim 36, wherein the programmable
memory is updated with the update image if any of the update application rules indicate that 
the update image is applicable to the device. 

39. (Original) A system according to Claim 21, wherein the programmable
memory is updated with the update image if any of the update application rules indicate that
the update image is applicable to the device.

40. (Original) A system according to Claim 21, wherein the programmable
memory is updated with the update image only if all of the update application rules indicate 
that the update image is applicable to the device. 

41. (Currently Amended) A computer program product for controlling updates of
a programmable memory of a device, comprising: 

a computer readable media having computer readable program code embodied 
therein, the computer readable program code comprising: 

computer readable program code which obtains an update image corresponding to the 
update of the programmable memory; 

computer readable program code which obtains a certificate associated with the 
update image, the certificate having update application rules in at least one extension of the 
certificate; 

computer readable program code which extracts the update application rules from the 
at least one extension of the obtained certificate;

computer readable program code which selectively updates the programmable 
memory based on the update image and the update application rules extracted from the 
obtained certificate; 

wherein the update application rules comprise rules which identify installation
information provided with the update image and wherein the computer readable program
code which updates the programmable memory comprises computer readable program code
which updates the programmable memory utilizing the installation information provided with
the update image; and

wherein the installation information comprises an install program and wherein the
computer readable program code which updates the programmable memory utilizing the
installation information comprises computer readable program code which executes the
install program to write the update data to the programmable memory.

42. (Original) A computer program product according to Claim 41, wherein
the update application rules comprise at least one of rules information associated with a
manufacturer of the device, rules information associated with a brand of the device, rules
information associated with a software version of the device, rules information associated
with a license authorization of the device or rules associated with the individual device. 

43. (Original) A computer program product according to Claim 41, wherein
the update application rules comprise rules defining devices for which application of the 
update image is authorized. 

44. (Original) A computer program product according to Claim 43, wherein 
the rules defining devices comprise rules specifying at least one of authorized device serial
numbers, authorized firmware versions, authorized device manufacturers and authorized 
users associated with a device. 



45. (Original) A computer program product according to Claim 41, wherein
the update application rules comprise rules defining how data from the update image is
utilized to update the programmable memory.



46-47. Cancelled. 



48. (Original) A computer program product according to Claim 41, further
comprising computer readable program code which verifies the authenticity of the update
image.



49. (Original) A computer program product according to Claim 48, wherein 
the computer readable program code which verifies the authenticity of the update comprises 
computer readable program code which evaluates the certificate associated with the update 
image to determine if a valid digital signature is provided with the image.

50. (Original) A computer program product according to Claim 48, wherein
the computer readable program code which verifies the authenticity of the update image
comprises computer readable program code which determines if a valid digital signature is
provided with the image by decrypting the digital signature provided with the image using a
shared secret.

51. (Original) A computer program product according to Claim 49, wherein
the computer readable program code which evaluates the certificate comprises: 

computer readable program code which decrypts a digital signature of the certificate 
utilizing a public key of a certificate authority accessible to the update program; and 

computer readable program code which compares the decrypted digital signature with 
a precomputed value to determine if the digital signature is a valid digital signature associated 
with the certificate authority. 

52. (Original) A computer program product according to Claim 51, wherein
the public key is stored in a non-updateable memory. 

53. (Original) A computer program product according to Claim 51, further
comprising: 

computer readable program code which provides the public key of the certificate
authority in a previous version of data to be stored in the programmable memory; and 

wherein the computer readable program code which decrypts a digital signature of the 
certificate utilizing a public key further comprises computer readable program code which 
obtains the public key from the programmable memory.

54. (Original) A computer program product according to Claim 48, wherein 
the update image includes a plurality of certificates in a hierarchy of certificates and wherein
the computer readable program code which verifies the authenticity of the update comprises 
computer readable program code which evaluates certificates of the plurality of certificates in 
the update image to determine if a valid digital signature is provided with the evaluated
certificates of the update image. 



In re: Hind et al. 
Serial No.: 09/614,983 
Filed: July 12, 2000

55. (Original) A computer program product according to Claim 54, wherein 
the computer readable program code which evaluates each of the digital certificates 
comprises: 

computer readable program code which decrypts a digital signature of a certificate 
utilizing a public key associated with a next-higher certificate in the hierarchy;

computer readable program code which compares the decrypted digital signature with 
a precomputed value to determine if the digital signature is a valid digital signature associated 
with the certificate; 

computer readable program code which obtains a public key associated with another 
of the digital certificates; 

computer readable program code which repeatedly obtains a public key, decrypts a 
digital signature and compares the decrypted digital signature with a precomputed value until 
a public key associated with a digital certificate of a trusted certificate authority is obtained; 
and 

computer readable program code which compares the public key of the digital 
certificate of the trusted certificate authority with a predetermined value. 

56. (Original) A computer program product according to Claim 41, wherein
the update image includes a plurality of certificates in a hierarchy of certificates and wherein 
the computer readable program code which extracts the update application rules comprises 
computer readable program code which extracts update application rules from each of the
certificates in the hierarchy of certificates having update application rules provided in an 
extension of the certification. 

57. (Original) A computer program product according to Claim 56, wherein 
the programmable memory is updated with the update image only if all of the update
application rules indicate that the update image is applicable to the device. 

58. (Original) A computer program product according to Claim 56, wherein
the programmable memory is updated with the update image if any of the update application
rules indicate that the update image is applicable to the device.

59. (Original) A computer program product according to Claim 41, wherein
the programmable memory is updated with the update image if any of the update application 
rules indicate that the update image is applicable to the device. 

60. (Original) A computer program product according to Claim 41, wherein
the programmable memory is updated with the update image only if all of the update 
application rules indicate that the update image is applicable to the device. 

61-74. Cancelled. 
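
Added illustration, not part of the claim listing or the application: a Python sketch of the check sequence recited in claims 9, 11, 15 and 16 to 18, which verifies each signature up the hierarchy, compares the root key with a predetermined value, and then applies the rules from every certificate under an "all" or "any" policy. The `Cert` structure, the rule format, the device attributes and the unpadded toy RSA keys are assumptions made for the example; a real implementation would parse X.509 extensions and use a vetted signature scheme.

```python
import hashlib
from dataclasses import dataclass, field

E = 65537  # public exponent of the toy keys

def toy_keypair(p, q):
    """Textbook RSA from two primes: unpadded and toy-sized, illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    n, d = priv
    return pow(digest(data, n), d, n)

def sig_ok(data, sig, pub):
    # "Decrypt" the signature with the public key and compare the result
    # with the locally computed digest (claims 11 and 15).
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

@dataclass
class Cert:  # assumed stand-in for an X.509 certificate
    subject: str
    pubkey: tuple
    rules: dict = field(default_factory=dict)  # plays the role of the extension
    signature: int = 0

    def tbs(self):
        # Signed bytes include the rules, so editing them breaks the signature.
        return repr((self.subject, self.pubkey, sorted(self.rules.items()))).encode()

def rule_matches(rules, device):
    # Assumed rule format: device attribute -> tuple of authorized values.
    return all(device.get(attr) in allowed for attr, allowed in rules.items())

def may_update(image, image_sig, chain, device, pinned_root, mode="all"):
    """chain[0] signed the image, chain[i+1] issued chain[i], chain[-1] is the root."""
    if not chain or not sig_ok(image, image_sig, chain[0].pubkey):
        return False
    issuers = chain[1:] + [chain[-1]]  # the root is self-signed
    if not all(sig_ok(c.tbs(), c.signature, i.pubkey) for c, i in zip(chain, issuers)):
        return False
    if chain[-1].pubkey != pinned_root:  # predetermined value, e.g. held in ROM
        return False
    verdicts = [rule_matches(c.rules, device) for c in chain if c.rules]
    if not verdicts:  # assumption: a chain without rules authorizes nothing
        return False
    return all(verdicts) if mode == "all" else any(verdicts)

def build_chain(root_keys, vendor_keys):
    """Constructed sample hierarchy: root CA issues the vendor signing certificate."""
    root = Cert("Root CA", root_keys[0], {"manufacturer": ("Acme",)})
    root.signature = sign(root.tbs(), root_keys[1])
    vendor = Cert("Vendor", vendor_keys[0], {"serial": ("SN-1001", "SN-1002")})
    vendor.signature = sign(vendor.tbs(), root_keys[1])
    return [vendor, root]

ROOT = toy_keypair(2**107 - 1, 2**127 - 1)  # constructed keys (Mersenne primes)
VENDOR = toy_keypair(2**61 - 1, 2**89 - 1)
IMAGE = b"firmware v2 (constructed sample)"
IMAGE_SIG = sign(IMAGE, VENDOR[1])
CHAIN = build_chain(ROOT, VENDOR)
```

A chain that is internally consistent but ends in a different root fails only at the pinned-key comparison, which is why claims 12 and 15 tie that key to a predetermined value.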